WinAD manual authentication to two domains

Hi,
We have our Windows 2008 domain (A) and a secure Windows domain (B) which we have a one-way forest trust with.  Their trust of us is listed as 'External, not transitive'.
So
A - Forest, Transitive -> B
B - External, Not Trans -> A
We are running WebSphere on Windows 2008 R2, BOXI 3.1 SP 5.
We have set up WinAD manual authentication with our domain A using Kerberos.  Reading the documentation and threads here, it's obvious we cannot add domain B without creating a forest trust from the other side.  This will not happen for security and policy reasons.
Should we be able to configure BOXI manual LDAP authentication to their AD and have it coexist with the WinAD auth?
Thanks,
Sam

Yes, that is possible and you can configure it.
It should work fine.
-Raunak

Similar Messages

  • Can I have two Domains in one network?

    I have two servers in my office in the same network.
    Server A is the Active Directory / Domain Server. Certain users join the domain and connect to this server.
    Server B is a File Server. The other users just use a Workgroup. But now we want to promote this server to be a Domain Server.
    But users that connect to domain server A will not connect to domain server B, and users that connect to domain server B will not connect to domain server A.
    Is there any problem if I setup two domain in one network?
    Please Advise.

    Domains are a logical structure of your network. Yes, you can create two domains in the same network. One thing you should consider in this scenario is trusts between your domains. By default, separate domains do not have any trusts between each other, and you should establish a trust manually if you would like to have users in A authenticated in domain B.
    Regards.
    Mahdi Tehrani Loves Powershell

  • 802.1x using authentication from NT Domain Controller instead of Radius

    I would like to know if it's possible to configure 802.1x using authentication from NT Domain Controller, instead of using Radius or Tacacs.

    It is possible to use MS AD, generic LDAP, Novell NDS for authentication, it's fairly common.
    The issue is "How do get the device to talk to the authentication source ... (AD, DC, NDS, LDAP)?"
    The answer is RADIUS.
    You can configure RADIUS to pull authentication from a variety of source (depending on the RADIUS - many/most can use any of the LDAP-based systems).
    So, yes, certainly you can use the Microsoft AD, but you need RADIUS to connect the two systems (the 802.1x device and the AD server).
    If cost is the issue, try freeRADIUS (www.freeradius.org) - it's fully featured (can use LDAP, AD, NDS, Certificates, etc), it's free, and configuration is much easier than it looks ....
    Good Luck
    Scott

  • Combining two Domains in a single Forest

    Issue:  We have a forest - bcxxx.com and within it live two domains: xyz.com & abc.com.  Both domains are in the same physical location.  Is there a best practice to merge one into the other or create a new domain and merge the two into one?  I've inherited a mess and there isn't a need to have them separated.  There is currently a trust between the two but I would like to clean this up the best way possible and do it following the best practice format.  A single domain environment would work fine and it would be more organized and less complicated.
    Is there a way to do this without starting over from scratch?  700+ Users +600 devices would make this a nightmare.  Any suggestion will be greatly appreciated.
    RT

    Thank you for the input, I appreciate it.  Yes, this current setup is unnecessarily complicated and a big mess.  There are too many issues to mention just in general as to the amount of odd errors popping up.  So instead of trying to troubleshoot each individual one I want to take the proper steps to help clean it up, upgrade the domain, and then see if these problems still exist.
    Some of the daily issues: unable to browse devices on the network - Computers by name or add computer to the domain | DNS Issue.  Manually adding the same DNS IP addresses to the NIC which it had by DHCP resolves the issue.  After setting it back to Automatic DNS, the computer works fine.  This is just one very minor problem.
    Thanks again.
    Randy Taylor

  • Clients authenticating to wrong Domain Controllers

    In our domain we have 28 sites and each site has its own Domain Controllers, and we have one data center where we have 3 DCs.
    Domain Controllers run the DNS role as well and DNS replication is Active Directory integrated.
    For all clients the local DC is configured as primary DNS and the data center DCs are configured as secondary DNS.
    Problem is, most of the time, client machines are not getting authentication from the local domain controller; most of the time authentication happens from another location's domain controller or the data center DCs.
    I have done the below troubleshooting steps:
    DNS - verified in DHCP and ensured that the local domain controller (DNS) server is configured as primary DNS server and the data center DCs as secondary
    SRV Records - verified and looks fine
    Subnets - Verified and found they are configured according to the sites in AD
    I can confirm the information in SRV records and AD subnet information is accurate.
    Please help me resolve the issue
    Mahesh

    Problem is, most of the time, client machines are not getting authentication from the local domain controller; most of the time authentication happens from another location's domain controller or the data center DCs.
    This is usually caused by one of the following:
    - AD Sites and subnets are not configured properly: DCs not moved to the correct sites, missing subnets, subnets linked to wrong sites .... Here, netlogon.log on each DC will help you to have more information about this: http://support.microsoft.com/kb/109626
    - Security filtering: If traffic to local DCs is filtered, client computers will not be able to query them and will try to query other DCs. You can use PortQryUI to make sure that all needed ports for authentication are opened: http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx
    - Wrong DNS records which may cause wrong DNS resolution - Here clients may be redirected to DCs you don't want them to contact
    For AD sites and subnets, make sure that:
    - You created an AD site per physical location you have DCs in
    - You created all used subnets (be careful about subnetting and supernetting) and linked them to their correct sites - Each subnet will be linked to the AD site containing the DCs you would like its clients to contact
    For filtering, use PortQryUI for checks and you can use event logs for more information.
    For the DNS system, you can proceed like this to be sure that all DCs were registered correctly and that DNS resolution will be fine:
    - Make sure that all DCs have one IP address in use and only one NIC enabled (other NICs should be disabled)
    - Make sure that public DNS servers are set as forwarders and not in IP settings
    - Choose a healthy DC / DNS server and make all DCs point to it as primary DNS server. You can make other DNS servers point to their private IP address as secondary one
    - Make sure that needed ports for AD replication are opened in both directions: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
    Once done, run ipconfig /registerdns and restart netlogon on each DC you have. That way, all DCs will update their records on the chosen DNS server and the changes will be replicated to other DC / DNS servers using AD replication. Of course, it will be better to manually remove all obsolete / unused DNS records.
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer
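
An added example, not part of the reply above: one way to use netlogon.log for the "missing subnets" check is to collect its NO_CLIENT_SITE entries (written when a client's IP matches no AD subnet object) and group the clients that are still uncovered. The log lines, the subnet list and the /24 grouping are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of netlogon.log entries (not real log data).
# NO_CLIENT_SITE is logged when a client's IP matches no AD subnet object.
SAMPLE_LOG = """\
03/04 09:12:01 [1432] CORP: NO_CLIENT_SITE: WKS-0113 10.20.31.57
03/04 09:12:04 [1432] CORP: NO_CLIENT_SITE: WKS-0114 10.20.31.58
03/04 09:13:40 [2210] CORP: NO_CLIENT_SITE: LAP-0042 10.44.7.19
03/04 09:14:02 [1432] CORP: (constructed unrelated Netlogon message)
03/04 09:15:27 [1432] CORP: NO_CLIENT_SITE: WKS-0113 10.20.31.57
03/04 09:16:55 [2210] CORP: NO_CLIENT_SITE: SRV-0007 10.10.5.200
"""

# Subnet objects assumed to exist in AD Sites and Services (hypothetical).
# Note 10.20.30.0/24 does not cover 10.20.31.x: a mask that is too narrow.
DEFINED_SUBNETS = ["10.10.0.0/16", "10.20.30.0/24"]

ENTRY_RE = re.compile(r"NO_CLIENT_SITE:\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_no_client_site(log_text):
    """Return (hostname, IPv4Address) for every NO_CLIENT_SITE entry."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.search(line)
        if not match:
            continue
        try:
            entries.append((match.group(1), ipaddress.IPv4Address(match.group(2))))
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255; skip the malformed line
    return entries


def uncovered_subnets(log_text, defined_subnets, prefix=24):
    """Group clients that still match no defined subnet by candidate /prefix."""
    defined = [ipaddress.ip_network(s) for s in defined_subnets]
    report = defaultdict(lambda: {"events": 0, "hosts": set()})
    for host, ip in parse_no_client_site(log_text):
        if any(ip in net for net in defined):
            continue  # covered now: the entry predates the subnet or is stale
        candidate = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        report[str(candidate)]["events"] += 1
        report[str(candidate)]["hosts"].add(host)
    return {net: {"events": v["events"], "hosts": sorted(v["hosts"])}
            for net, v in sorted(report.items())}


if __name__ == "__main__":
    for net, info in uncovered_subnets(SAMPLE_LOG, DEFINED_SUBNETS).items():
        print(f"{net}: {info['events']} events from {', '.join(info['hosts'])}")
```

Each reported network is a candidate subnet object to create and link to the site whose DCs those clients should use.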

  • Mail server, two domains, separate user inboxes

    We have two domains - one for personal emails and one for our company. I want to set up the mail server to keep incoming mail separated by domain and deliver via IMAP to separate inboxes. So mail to [email protected] remains separate from mail to [email protected]
    I can do this in my current mail server (Mdaemon/Windows) simply by creating the two domains and setting up the users in those domains (so there's a user nick in each domain with a separate login for that domain).
    I might be missing something obvious, but I don't see how to do this in Mountain Lion Server. Any ideas please?

    You're not the only one to have stumbled into this, and OS X Server arguably hasn't been particularly adept nor particularly clear about this, and the newer documentation and newer controls have gotten rather thinner. 
    The 10.6 Mail Service Administration manual describes how to do this, though the specific configuration files may have moved around since 10.6.  (I've become quite fond of the shell locate command here.  That command-line command initializes and accesses a database which makes finding the version-relocated files much easier.)  See the documentation around Mail virtual hosting starting around page 74, followed by the OS X Server-style and Postfix-style aliases, around page 77. 
    There's also the OS X Server 10.8 Workgroup Manager download, which can be useful here.

  • Database mirror between two domains

    I am setting up a database mirror between two domains that will help me migrate from SQL 2008R2 to SQL 2012:
    It is set up as follows:
    Domain A(Old domain) - Server A
    Domain B (New Domain for HA/DR setup) - Server B and Server C (Already configured as FCI and AG)
    I want to migrate data from Server A to Server B using database mirror.
    I set up the
    Created Master key, endpoint and certificate on the Server A
    Created Master key, endpoint and certificate on the Server B
    Backup certificate on both sides and copy to each server
    Create inbound connections on both principal and mirror partner. Here I created two SQL logins
    SQLSrvA_login
    SQLSrvB_login
    Grant connect on endpoint to both logins on both principal and mirror partner.
    Everything seems ok as can be seen below
    Principal partner:
    grantee        endpoint       permission  state_desc
    SQLSrvA_login  Hadr_endpoint  CONNECT     GRANT
    SQLSrvB_login  Hadr_endpoint  CONNECT     GRANT
    Mirror partner:
    grantee        endpoint       permission  state_desc
    SQLSrvA_login  Hadr_endpoint  CONNECT     GRANT
    SQLSrvB_login  Hadr_endpoint  CONNECT     GRANT
    Perform a full db backup and log backup on ServerA and restore to  ServerB with norecovery
    When trying to establish the partnership, it succeeded on the mirror partner ServerB   but failed on the principal partner ServerA with the following error
    Msg 1418, Level 16, State 1, Line 2
    The server network address "TCP://ServerB:5022" can not be reached or does not exist. Check the network address name and that the ports for the local and remote endpoints are operational.
    The following error is in the SQL errorlog:
    Database Mirroring login attempt failed with error: 'Connection handshake failed. There is no compatible authentication protocol. State 21
    Any idea why this is occurring?
    Thanks
    Datawarehouse lead Architect

    Hi,
    Please see this link for possible solution.
    http://blogs.msdn.com/b/grahamk/archive/2008/11/21/how-to-configure-database-mirroring-between-2-instances-on-a-standalone-server.aspx
    Hope this helps
    Bhanu

  • WLS 8.1 two domains with EJB and webapp deployed has JVM conflicts?

    Test configuration environment:
    Windows 2003 server installed with weblogic 8.1 server and oracle 9i.
    This WebLogic server has two domains: one is for EJB deployment, the other is a webapp that implements access to Oracle through EJB.
    The issue is that when we tested a method provided by the EJB that uses double to calculate some total value, the result was correct. But when we tested it using the webapp that was deployed on the same server as the EJB, its result was negative or zero.
    I think the reason is that the JVM which both EJB and webapp used for calculation was the same and may have caused some conflicts when they ran at the same time.
    Any suggestion would be greatly appreciated.
    Thank you in advance!
    Shuaibing

    This morning I deployed that webapp to the domain that has the EJB deployed. The results of the calculation in the webapp's JSP were correct.
    Would anyone be kind enough to tell me what the calling JVM differences are between a single domain (EJB and webapp deployed together) and two domains (EJB and webapp deployed separately)?

  • How can i put two domains with IAS

    Hi!!
    I have IAS on Win NT and I publish www.mycompany.com with it, but now I want to publish another domain, www.myproduct.com, on the same machine and I don't know how, because in the http.conf servername parameter I can only put one server. If I install two network cards with two IPs can I do this, or is it impossible?
    Could anyone help me?
    Regards.

    Hi!!!
    Thanks for your help!!
    But if with these two domains I need to publish pages generated with the PL/SQL toolkit, how does this work?
    If I publish /pls/myapp and /pls/myapp2, where do I see them, in both domains? Can I give permissions or something to only see myapp in domain1 and app2 in domain2?
    Thanks in advance.

  • Two domains + two servers + one static IP address = DNS confusion

    I'll try to keep this simple:
    I have two domains, two mac mini SL servers, one airport extreme, and multiple static IPs, but only one of them pointing to the router. I've configured DNS successfully for the primary domain (example1.com) and thought that I had set up a second primary zone for the second domain (example2.com) but all external requests point to example1.com.
    So the two setups i've tried are:
    Reverse zone
    1.0.10.in-addr.arpa.
    - 10.0.1.200 - example1.com
    - 10.0.1.201 - example2.com
    Primary zone
    example1.com
    - example1.com - 10.0.1.200
    - example2.com - 10.0.1.201
    OR
    Primary zone 1
    example1.com
    - example1.com - 10.0.1.200
    Primary zone 2
    example2.com
    - example2.com - 10.0.1.201
    Does anyone know of a good tutorial for hosting multiple servers in an internal network, pointing to one name server internally? I've looked everywhere and cannot make sense of the issue.
    Thanks in advance.

    After sleeping on it, I came up with a much easier solution that works better for what I'd planned in the first place. I hung a spare router off my gateway and set up a completely different network for the second server and everything is great now. I knew there was a reason I'd signed up for five IPs...
    In any event, I don't think I would've been able to accomplish what I was trying to do while using the Airport Extreme as my firewall. I wanted to have separate static IPs for each of the boxes and obviously I couldn't do that with the airport, although it took a while for me to recognize that.
    Thanks for the suggestion, though. I think I'm going to use that for some subdomains.

  • Send connector - e-mails from two domains to distinct anti-spam IPs

    I have an Exchange environment that has two domains. I want e-mails sent from one domain to relay to one anti-spam, and e-mails sent from the other domain to relay to another anti-spam.
    Example:
    I need to configure the send connector to send the e-mails from "test1.com" to IP 10.160.190.66 and from "test2.com" to IP 10.160.190.69
    How do I do this?
    I need this because each domain uses a distinct anti-spam
    Tks.

    Hi,
    Before going on, I would like to confirm the following information.
    What's the version of the Exchange?
    Whether the two domains have their own Exchange or share one Exchange?
    Thanks
    Allen

  • How To: Host Two Domains on Lion Server - One IP

    Here is the situation: I own a new MacMini and have installed Lion Server. All of my updates are current. I have purchased two domains from a reputable “Gddy” source. (I don’t know if I can use their official name). I think I am doing something wrong because I have to type the “www.”mydomain.com to get to my websites. How do I host my two sites?
    Here is what I have done so far and have been somewhat successful. For purposes I will refer to my domains in this question as domain1.com and domain2.com. At Gddy my DNS A records for @ both point to my single IP. In addition my www CNAMEs point to @ for both my domains.
    My server admin DNS read the following:
    Name – 1.168.192.in-addr.arpa / Type – Reverse Zone / Value - Blank
    Sub Name – 192.168.1.6 / Type – Reverse Mapping / Value – server.mydomain1.com.
    Name – server.mydomain1.com / Type – Primary Zone / Value – Blank
    Sub Name – server.mydomain1.com. / Type – Machine / Value – 192.168.1.6
    In Lion server I have Web Server turned on and have setup the following web sites:
    server.mydomain1.com
    www.mydomain2.com
    www.mydomain2.com
    I am using iWeb and have both websites loading through SFTP successfully.
    I am using a SSH certificate I created using my apple ID
    Questions:
    Why do my customers need to type the www to access my domains?
    Do I need to setup another primary zone called server1.mydomain2.com?
    Currently everything works fine if you type the www before the domains but I am now on a mission to refine my sites. If users get errors trying to get to my site then they will stop trying and I don't want that. Apple community please help. This stuff really amazes me and the fact that I am somewhat "catching on" is a great feeling. Thank you.

    As Belle points out, this has little or nothing to do with DNS. It's all about Apache.
    When a request comes in, Apache looks at the hostname of the request to determine which site's configuration to use for that request.
    Right now you have two 'sites' configured - 'www.domain1.com' and 'www.domain2.com'.
    When a request comes in for, say, http://domain1.com/ Apache does that same lookup, except it doesn't find a match - you don't have any configuration for 'domain1.com', only 'www.domain1.com'. THESE ARE DIFFERENT.
    There is absolutely no automatic relationship between a host record (e.g. 'www.domain1.com') and its parent domain (e.g. 'domain1.com'). It makes no difference that you have a DNS CNAME that maps one hostname to another because Apache isn't doing DNS lookups on the incoming requests.
    The solution, as indicated, is to tell Apache the list of hostnames that match each site. By telling the 'www.domain1.com' site that it's valid for 'domain1.com' as well (and even 'foo.domain1.com' or 'bar.domain2.com' if you want, too), Apache can serve the request with the appropriate configuration.
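
An added illustration of the answer above, not code from the thread or from Apache: a simplified model of name-based virtual host selection, run over a constructed configuration before and after adding ServerAlias. The DocumentRoot paths are placeholders, and the fall-back to the first listed virtual host is standard Apache behaviour that the post does not spell out.

```python
import fnmatch
import re

# Constructed configuration matching the thread: only the www names exist.
BEFORE = """
<VirtualHost *:80>
    ServerName www.domain1.com
    DocumentRoot /srv/www/domain1
</VirtualHost>
<VirtualHost *:80>
    ServerName www.domain2.com
    DocumentRoot /srv/www/domain2
</VirtualHost>
"""

# Same sites with the extra hostnames listed explicitly (wildcards allowed).
AFTER = """
<VirtualHost *:80>
    ServerName www.domain1.com
    ServerAlias domain1.com
    DocumentRoot /srv/www/domain1
</VirtualHost>
<VirtualHost *:80>
    ServerName www.domain2.com
    ServerAlias domain2.com *.domain2.com
    DocumentRoot /srv/www/domain2
</VirtualHost>
"""


def parse_vhosts(conf):
    """Return [(server_name, [aliases])] in configuration order."""
    vhosts = []
    blocks = re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I)
    for block in blocks:
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        aliases = []
        for m in re.finditer(r"^\s*ServerAlias\s+(.+)$", block, re.M | re.I):
            aliases.extend(a.lower() for a in m.group(1).split())
        vhosts.append((name.group(1).lower() if name else None, aliases))
    return vhosts


def select_vhost(conf, host_header):
    """Pick the site for a Host header: ServerName or ServerAlias match,
    otherwise the first virtual host acts as the default. No DNS is used."""
    host = host_header.split(":")[0].rstrip(".").lower()
    vhosts = parse_vhosts(conf)
    for name, aliases in vhosts:
        if host == name or any(fnmatch.fnmatchcase(host, a) for a in aliases):
            return name, "matched"
    return vhosts[0][0], "default"


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for host in ("www.domain2.com", "domain2.com", "unknown.example"):
            print(label, host, "->", select_vhost(conf, host))
```

In the "before" configuration a request for domain2.com is answered by the first site, so any hostname that reaches the server without a matching entry gets that default site's content.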

  • Two Domains

    I have a Windows 2003 AD domain.  I need to change the domain name and also upgrade from 2003.  I am in the process of setting up a Windows 2008 AD Domain.  I will set up full trust between the two domains and slowly move resources.
    Can I set up the new domain with IP addresses from the same subnet, so I would assign for example 10.168.100.50 - 150 to the current domain and 10.168.100.151 - 254 to the new domain?
    Let me know if there are other ways to do this.   I have limited resources.  I have licenses for 2008 not 2012 and my hardware does not support 2012.
    Thanks,
    Bill

    If all you need to do is change the Domain Name and bump up to 2008 then why not just introduce the 2008 DCs into the existing domain and retire the 2003 DCs?  Then bump up the Functional Levels and rename the domain.
    Doing a Domain Migration is fine but it is a huge amount of work and you'll probably chase "little issues" around for weeks afterwards,...when you don't really need to do that to accomplish what you listed.

  • Posting two websites on two domains

    I have iWeb '08.
    I have 2 Mac accounts, one personal one family.
    I have two domains, one with each account.
    When I open iWeb on the very bottom in 'green' is my Mac address.
    My question:
    I create a 'personal website' and I upload it to my 'personal account' no problem.
    But now I want to create a 'family website' on my family account - and I use one computer.
    How do I make sure that 'family site' goes to the family domain.
    If I create multiple websites on iWeb '08 - how do I direct those sites to their proper domain.
    I'm confused.
    Also since I have your attention - if I have the HTML - how do I create a button?
    And lastly - I know you can make a website 'password' protected. Is there a way within a website
    to make ONE PAGE private. Let's say all the links on the 'home works' except for that 'one page.' Is that doable?
    Thank you!

    Log into your puter with new user name and then go and change your idisk user name and password to the 2nd .mac so that when you open the idisk it is that 2nd account, then you can launch iweb and make second site for that other .mac account...
    making 1 page protected just use the help menu within iweb it will tell you how, it's simple...

  • Insert performs so differently in two domains through dblink

    Hi All...
    I have a same insert in two domains... test and certification.... the insert in test takes about 1-2 mins however the insert in certification takes forever... (10+mins and I killed it)
    This insert contains dblink selecting from other team's test and cert domain however the number of records difference of their source table is only like 50k....
    And after I killed the session, it marked as killed stays in the session. I have to contact DBA to kill it from OS...
    Does any one have any idea why this happens and what is the possible solution to this?
    Thanks,

    How do I ask a question on the forums?
    SQL and PL/SQL FAQ
    do NOT explain to us what you think you did.
    use COPY & PASTE to show us exactly what you did & how Oracle responded.
